These are unedited transcripts and may contain errors.

Plenary Session on 2 May, 2011, at 2 P.M.:

ROB BLOKZIJL: Good afternoon. It has been two o'clock, so, I think we are entitled to start. If people in the back can either find a seat or continue their conversations outside, we would all appreciate that.
Right, this is RIPE 62. I am Rob Blokzijl, I am the Chairman of RIPE, and I welcome you all at the start of this RIPE meeting. It will be a very interesting RIPE meeting. It is a bit of a special. It is the first RIPE meeting where we are faced with the fact that the global IPv4 address pool is empty. It's also the first RIPE meeting where one of the regional IPv4 address pools is empty: The APNIC region. And, probably, the next RIPE meeting will be around the time when the RIPE NCC IPv4 free pool could be empty. Predictions are always difficult, especially predictions into the future, but it is possible that, before the next RIPE meeting, we run out of our free pool of IPv4. It's also possible that it will extend into next year. It all depends on the consumption rate.

Anyway, we are not far from the point that we will have to take IPv6 serious if you still plan for growth. I am not an economist, but I have understood that it's a sound principle of economy to plan for growth, so I think whether you like it or not, you will have to take IPv6 seriously now.

That is reflected quite nicely in the programme. For many, many years, we have had an IPv6 Working Group, one of the 12, or so, Working Groups in RIPE which clearly started as a small bunch of people who shared this strange hobby, labelled IPv6, which not really had much to do with reality. You may have noticed that, this week, there is no meeting of the IPv6 Working Group, but the Plenary programme has been saturated with IPv6?related presentations and discussions. So, I think that shows that, yes, what started, maybe, as a hobby, eight, nine years ago, has become real mainstream in this community, as well. At least as reflected in the programme, but I think if you are still planning for growth, you will see as reflected on the Internet in our region, as well, very soon.

So, after these remarks, let's return to this first session.

Before I introduce the session, I have a couple of short announcements. You may have noticed, if you are a regular participant in RIPE meetings, that, this time, your meeting pack, you did not find detailed ?? a printout of the detailed agendas of the Plenary Sessions and the Working Group sessions. That's for pure logistical reasons. The agendas were received far too late and we will hope to repair that in the future. Too late to be printed. However, since most of you are not looking at me but at your screens, if you go to, or, that is the meeting website this week, you will find up?to?date agenda information, and don't say it's not working, Daniel. I checked it five minutes ago.

So, that's where you'll find the daily updates. Also the RIPE NCC, the good people in the RIPE NCC will make sure that, every morning, there is a printout available at the registration desk of the programme of the day. So, for the three or four people who didn't bring an Internet?enabled device with them, don't worry, we do historical media distribution as well.

Tonight, if you have had time to look through the programme and/or in your meeting pack, you will have seen that you are all invited for a welcome reception which will take place this time for the old hands among you, not at the usual place, but at the place where you had lunch, in the Winter Garden. This is a reflection of the numbers. You may remember the last two times we had welcome drinks in the Amsterdam Room, I think it was called, it was very crowded, so we will have more space to mix and mingle and talk after the last session.

You may have noticed, I think most of you have noticed that we have a wireless network that is up and running. There is a password on the wireless network and the password is printed in the corner on the back of your badge.

If you need any technical support, there are RIPE NCC technical crew members running around and you can recognise them because they have blue badges.

If you are looking for quiet space to either work or sit with a few people together, we want to remind you that, on one floor up, there is something labelled the Terminal Room, that's a historical name. If you are looking there for terminals, no, you can find a couple of PCs with Microsoft Office and Windows stuff, and a printer; the printer, you can also use from your Apples, and so there is ample space there if you need a chair and table and power.

Right, this brings me to the end of the short announcements, and now we go to the programme. We have two major reports this afternoon in a slightly different order than in the published programme. The first one is a report from the meeting taskforce. Let me introduce, we have Working Groups. Working Groups have Chairs, a Chairman, and one, two or three Co?Chairpersons. A Working Group Chair is, in the first place, of course, responsible for managing and running his /her Working Group, but, collectively, they also have a responsibility for scheduling the meetings of the Working Groups, because they take place in at least two parallel streams, and collectively, they also have a responsibility to at least assist in putting the Plenary programme together. Also, collectively, from time to time, they discuss the overall format of RIPE meetings. So, as Working Group Chairs, we usually get together for lunch during a RIPE meeting week, and since about a year?and?a?half, we come together for a one?day meeting half?way in between RIPE meetings because there are more and more issues that we feel we should discuss, at least among the Working Group Chairs.

Out of one of these meetings of the Working Group Chairs, there came a whole list of ideas about the format of a RIPE meeting, organising the programme of a RIPE meeting. The way to go forward with studying such issues, of course, is not to have a committee of 40?odd people working on it, but have a very small taskforce on it, and I am very happy to report that the taskforce has done a lot of work, has reached some conclusions, has one or two proposals, and I would very much now like to invite Andy, Andy Davidson, to take over this first part of the afternoon session, and present to you the good workings of the RIPE meeting taskforce.

ANDY DAVIDSON: Thank you. Yes, I am going to announce some of the research and conclusions that we have reached so far and make some recommendations about how we can structure RIPE meeting processes in the future and involve more of you. So, I also want to give special thanks to everybody who served on the taskforce, since it was formed. The names are becoming quite long to read out, but they are all on the screen and everybody has taken a significant role in this work, so, we are very, very grateful for the work of the entire team.

But, first of all, I'd like us to cast our minds back to RIPE 61, where, in Rome, we announced what it was that we were going to work on and also some of the things that we did for that meeting, and if you remember in Rome, we tried a BoF formatted section, where individuals could come together and talk about a particular issue without presentations, without a format structure, and just say, this is what worked, this is what didn't work when I tried rolling out; in that case, it was v6 access, but it could be about anything, and that was actually very well received at the meeting, and, also, we tried, instead of an NCC?based tutorial session, we tried a community tutorial session, which was also very well received. So we agreed to take the test that we had done so far, but actually have a survey, as well, about other content types and also the issues that you, the attendees, actually cared most about. We wrote a survey that was distributed at the end of last year and the things that we wanted to learn most of all from the survey were those things which must not change about the RIPE meeting, but also the things that you wanted to see different at the RIPE meeting, new ideas that you had, or otherwise.

So, the survey was very, very well responded to, we had almost 300 responses, and I am glad to say that some very clear trends emerged that we were able to learn from and make recommendations with. By and large, about two thirds of the responses came from people who were network practitioners or ran teams of network practitioners and about half of the responses came from people who worked in the SIP or carrier space, so we were fairly confident that we had properly surveyed the community at large and we are able to understand what many types of the community all wanted.

First of all, the things that you said absolutely must not change about the RIPE meeting. You said that the focus was technical and must remain technical, and you also told us some lessons about the logistics so that the meeting frequency and duration was about right for your needs and the needs of the community at large; that the meeting fee was fairly fair and the logistics of the meeting, the way that the people at the NCC come together and build these fantastic facilities that are all excellent.

So, there is a lot about the meeting which is very good. And you really don't want anyone to break with new ideas.

But, there were some clear messages of things that you wanted to be changed or new ideas that you wanted us to try and run with that came through from the survey as well. So, much more tutorial content was requested; in fact, 87% of responsends went on to say that they came to the meeting to learn and that perhaps that wasn't reflected in the content that was actually offered at the RIPE meeting so far.

Also, a fifth of the people that responded said that they wanted to get more involved and have a more clear way that they can actually submit content or join in with the actual meeting up on stage each time, which I thought was a fantastic number; a fifth of the people who want to get move involved, that's absolutely brilliant.

Also, the ad hoc style of content, as opposed to the stage and audience style content, was popular with every type of ?? or every group of people that we surveyed, no matter what your role was. By and large, people wanted to see more of that.

They also said that they wanted ?? you also said that you wanted the RIPE community to engage more with in country network operator groups, although we haven't defined what that means yet. We will be asking you about for that over the course of the next few weeks and this meeting.

And that you also wanted more bleeding edge technology and research presented. So, we have taken that on board and we think that the way to stay attached to these ideas for content and your specific needs and the agenda?building process is to actually engage a programme committee, which is what we are recommending today. The programme committee will be responsible for the good quality, Plenary content, which is this style of the meeting, also the tutorial and BoF sessions. And the programme committee wouldn't be getting involved with building Working Group agendas. The Working Group Chairs are still responsible for their individual Working Group, and essentially what we are recommending is that there are four community representatives who are selected by the RIPE meeting each time. So, you will be appointed for a period of four RIPE meetings, then stand down to be replaced by someone else. But also there'd be some ?? for continuity and for good governance, there would be some community liaison representatives from the Working Group Chairs and from the programme committees of other RIPE projects like the MENOG and ENOG groups. And also to ensure that we are connected to all of the local operators that may have good ideas. The local host, the sponsoring organisation would be able to recommend somebody with good connections themselves to other local presenters.

The process that is would always be open and transparent. The programme committee would always have to talk to you guys and would solicit talks in a very open and fair way so that everybody could be involved with submitting talks. And the ?? in order to make sure that any specialist technical interests are represented in the programme committee, if we wanted to organise a special day on say mobile IP or something else along those lines, the programme committee could owe opt people with that specialist knowledge in order to review the talks or solicit talks.

It absolutely wouldn't be just a badge. Although I am sure it would be another colour on the badge for people who are on the programme committee, but it would be an all of lot of work, but our belief is that this is a strong and stable way to solicit interesting content that is absolutely at the bleeding edge, very technical and absolutely aligned with your needs.

So, my question to you now is: Do you have any feedback on this idea? Are there people in the room who would want to step forward to serve in the boot strap programme committee? Any other comments? I can see James Blessing already at the microphone.

JAMES BLESSING: James Blessing from Limelight. Looking at what you have just said, the only concern I have is that you are going to be continually adding people and removing people over a process, and it possibly needs some degree of stability running through it just to help it through, but otherwise, it's a good idea. I just think you might need to change the structure if the people who are involved on a regular basis so that you keep that degree of stability.

ANDY DAVIDSON: What we propose so far is that there will be four people that the Community appoint and only one will stand down by rotation each time, so that there is always going to be, when one joins the programme committee, they are supported by three, at least three people who have been on it for a much longer amount of time. Did you have a point on this? I am going to hand over to Rob, who is actually on the taskforce as well.

ROB EVANS: Also just to clarify that, in the suggested ?? Rob Evans ?? in the suggested terms of reference, a member of the steering committee could stand for up to three terms. They have to be re?elected after every four meetings, but they can stand for up to three terms, so there could be some stability that way.

ANDY DAVIDSON: I think it's Nina, Randy and then Todd.

NINA BARGISEN: I am Nina from TDC. I just want to say thank you for having done this work and I think this proposal is looking really good. I really like the idea about expanding the group of people who bring content into RIPE outside the Working Groups; not that the Working Groups are not doing a great job, I think they are, but I think that we needed some more dynamic in gathering the content.

ANDY DAVIDSON: That was exactly what came across from the survey, so thank you for supporting that. Thank you.

TODD UNDERWOOD: Todd Underwood, Google. I think this is a fantastic idea. I I worked on the NANOG programme committee for a number of years, and what we found, you know, what I understand of the RIPE Working Group format is that it's structured to produce interesting discussions and results, but it is not structured to seek out content for the meeting. That's just not the original intent it have and I think what we have found is that the people who are willing to volunteer content and have a lot of time to put together content are the marketing and sales organisations of the organisation that is we all purchase things from. And the people who have the most interesting content need quite a bit of encouragement and quite a bit of recruitment and those are the actual engineers who work at ?? in the network engineering and operations divisions of service providers and also the engineers who work in vendors, as well, that they are just the people who don't have time to do this. So I'd be happy to help out with such a thing if that's desirable and I know there are a lot of people who would help. So thank you for your work on this. This is fantastic.

RANDY BUSH: Randy Bush. I think this is good. I just want to frame something which is ?? there have been been programme committees in RIPE for the Plenaries, and EOF, which this supposedly compasses, for many years, and they have done a damn good job, and I just wish to thank them and not gloss over it. Formalising it in this way, which is kind of NANOG?like, as opposed to that of other fora which are, you know, APNICs now, the programme committees, the Working Group Chairs, there are lots of styles for doing things; this is a perfectly valid one. The informal ways that it's been organised over the years, I don't know. I played in the programme committee ten years ago; they have done a damn good job.

ANDY DAVIDSON: Absolutely. That is absolutely fair to say. For those who don't know: the way that the programme is put together right now, is that if you ever brush past somebody in the hallway and say that you enjoyed a presentation, then you are put on a mailing list called EOF [] /KOERD, where you are able to say that you would like to see some content or would not like to see some content at the next RIPE meeting, and that process has yielded tense of excellent RIPE meetings, but my own thoughts, I think the thoughts of the people who responded to the survey by and large were that a core team of people who were actually going out and soliciting bleeding edge content was probably going to yield, was another way of yielding really really good content and may actually mean that the RIPE operational format stays ahead of the curve of other meeting organisations and will yield ?? will also yield really good results. So if ?? you are still able to get involved with building the content for the RIPE meeting exactly the same way by doing research, writing papers and submitting talks and I hope that that continues in the same way that it has done for many years. It would just be administered in hopefully a more light way way and in a way that solicits papers rather than just presents papers. But thanks for the comment, Randy, and I share your sentiment. Are there any more questions?

[JOEL]: Not so much a question as a remark. I think this is ?? well, I was part of this work so I think it's an improvement. But, like anything else, whether it makes things better or not is the dependent on everybody who is attending the RIPE meetings and selecting content for them. The fact that, suddenly, there is a programme committee or at least that the programme committee becomes more visible doesn't mean that you can just, like, let it happen somehow. I mean, when I first joined this activity back in 2004, when I joined I was full of energy and I actively chased people down the corridors for content. As time goes by, you loose some of that energy, which is why I think that the rotation is a necessary thing. It's just the way life is. But, you also need to be seen ?? if you want something, come forward and propose it to the people that you know are somehow involved and it doesn't ?? if you are in doubt, tell someone. As long as you tell someone, the information will somehow find its idea. Like its way, I mean, currently there is this address meeting [at] ripe [dot] net which I guess will continue to work where you can send and some people are indeed sending their suggestions to. So, please continue doing that, because it's your meeting, and so, to a large extent, the content that shows up at the meeting is dependent on what you suggest.

ANDY DAVIDSON: Agreed. Actually, it might be useful if Rob and Sander could stand up, who, if you would like to be involved with the early programme committee, then you can talk to me or you can talk to Rob or Sander, Rob Evans and Sander Stefan, who will be happy to talk to you about what the role is and basically collect feedback, but if you didn't see either of those two guys, you are welcome to talk to me. Randy has another comment.

RANDY BUSH: Randy Bush. Just a side point. As somebody who has spoken occasionally at RIPE, making it easy for a speaker, making it, the process not painful, not putting a lot of bureaucracy in the way, etc. Is half the job of getting good speeches, lectures, whatever you want to call them. The other half of course is soliciting, but make it easy, please. Or keep it easy. I should say it's been very easy in the past.

ANDY DAVIDSON: Agreed. Are there any other comments before we move on to something else? Jim, is racing to the microphone, so...

JIM REID: Jim Reid. Andy, it's not quite clear to me where we go from here with this programme committee. Maybe you could just expand a few words on how this thing could be set up in place for Vienna, how this might unfold. I don't think it's been all that clear so far.

ANDY DAVIDSON: As someone who knows the answer. I am sure you know that's a good question. The way that we are planning to do this, the first programme committee will be the right size but it isn't felt that there is time to organise a bureaucratic election for people to serve on the PC. Two people from the existing taskforce will serve on the PC and they are soliciting help from two more individuals who want to make up that community representative right now. That gives us the community representatives. In time that he will be replaced by the stand down and the election process. And the liaison representative from Working Group Chairs will be selected this week and also the MENOG and ENOG PC liaison representatives will be selected this week, as well. Basically, the idea is that if you want to serve on boot strap programme committee, go and talk to myself, Sander or Rob, and that that will be ?? and then this programme committee will be able to stand up on the Friday Closing Plenary and say yes you can talk to us if you want to submit a paper for Vienna and there will be information on the RIPE website about exactly all of this soon afterwards as well.

Does that answer your question Jim? Thank you.

ROB BLOKZIJL: I would like to congratulate the taskforce and I am not going to mention individual members. I think they have done a wonderful job. I think people understand that this is not a revolution but an evolution. We are not going to throw away, hopefully, the things that works quite well especially the light weight?in formal way whereby people could approach whoever is in charge of the programme and say hey, would I like to present this or that. All that will be as it was before, but the new thing is that, let's say behind the screens, instead of a very unspecified group of people, all of goodwill and nobody really understanding what the other one is doing, we will have now a well defined group of people who have committed to do a specific piece of work, and I would like to congratulate the taskforce and hopefully on Friday, the first programme committee.

Also, nothing is cast in stone. This, hopefully, will be tried for the next RIPE meeting, and I am sure it will be evaluated at the next RIPE meeting. Whether it worked, how it worked, but what worked better than others. So, again, it's an evolution not a revolution, and I am fully confident that they are on the right way forward with this. So, I am looking forward to a short presentation on Friday. Thank you very much.


ROB BLOKZIJL: The next presentation is by I think our friend Paul Rendek. The RIPE NCC, every three or four years or so, does a membership survey. This is different from the survey you have just seen now, which was a survey among participants in RIPE meetings. This is the RIPE NCC, the membership association that goes around its members and trying to find out whether the members are still satisfied or whether they are dissatisfied with how the RIPE NCC operates and there is a survey going on right now and Paul Rendek, who is master of the survey, will give a preliminary presentation. He is not doing it alone. So, Desiree Miloshevic is also coming on stage.

PAUL RENDEK: Well, good day everyone. My name is Paul Rendek and I am the Head of External Relations and Communications at the RIPE NCC and I am here to talk to you a bit about the membership survey ? well, membership and stakeholder survey that we are about to conduct. I am here with Desiree Miloshevic, who is representing the Oxford Internet Institute. They are the organisation and the third party, independent third?party organisation that will actually be doing ?? conducting this survey on behalf of the RIPE NCC. So I thought we'd both come up here and say hello to you and explain what we are going to be doing and what we expect from you.

A little bit of background on the RIPE NCC surveys. We have been conducting surveys, as Rob as mentioned, pretty much every three years; we started this in 2002. I know that many of you in the room were around even at that time and have probably participated in this, which is great. These surveys are really important to us. I just want to take a moment to explain to you how important these survey results are to the RIPE NCC.

In 2005, notably, we did quite a big survey and we conducted in the same way we are going to be doing this time around and I will explain that to you. And it yielded some fantastic results for us to be able to do some great strategic planning for the company. In fact, if you take a look at a lot of the initiatives that we do today at the RIPE NCC, for instance, the out reach we do regionally or of the stuff that we do with governments and all of these kinds of activities and a lot of the stuff we do in the registration services area have come out of the feedback we got from that survey in 2005. We did conduct another survey after that, I myself felt that it probably wasn't as strong as the survey that we done then so I am happy that we are returning to this model and we are hoping that this survey is going to give us the results that we have to actually solidify a lot of the strategic direction that the RIPE NCC is wanting to take.

So, these surveys, they have always been conducted by an independent third party, there is a website here I have listed. You can go and see all the surveys were documented, the results are anonymous, of course, but the results are also posted up on our website.

So, the 2001 membership and stakeholder survey. I am happy to announce that, for the first time, this survey will be expanded to include more than just the RIPE NCC membership. We will also be contacting other stakeholders, like governments, intergovernmental organisations and law enforcement that we see ourselves working with. So what will happen is that the survey will actually split in two because there is an area that will be for, if you are a member it will take you down one trail and if you are another stakeholder it will take you down another trail. It will be great for us to get some feedback from some of of these other stakeholders, as well.

So, what we have done so far, going back to how we have conducted where we are in building this survey. Because we are actually not quite finished with it yet. We will be very soon and you will announce that. We have had some focus group meetings they were held by independent consultants; of course, Desiree was one of them, but we also had John Earls there. Some of you may remember he did conduct the 2002 and 2005 survey that we did, that was done by KPMG Australia. We have brought things a little bit more home and we are doing it with the Oxford Internet Institute this time. John was an adviser on this programme, so he has been working together with Desiree and they had some good focus meetings where we ?? they took place in Dubai, Moscow, Frankfurt, Stockholm, Milan, London and Prague. So, you know, we tried to spread things out a bit. We had them running all over our region the last couple of weeks. The great thing is that it wasn't just about the cities that we went to, but we took a great cross?section of our membership where we took small LIRs, then we took some of the ones we know a bit better, we also had some governments and LEAs come, other stakeholders as well to these focused group meetings. So we got some great results and feedback on how we should actually be producing this survey. The only bad thing is that we had such an overwhelmingly large amount of material that we got back that it's quite a lot to go through, to see how we would actually set up the final questions.

So, these survey results will be analysed by Desiree, as I have mentioned. Of course, they are independent. All the responses will be anonymous, only to them. Desiree will be leading the team that will be going through and analysing the results for us. And the survey results will be presented to the RIPE community at RIPE 63. So, you will all get to find out what the answers were there.

So, I am here actually today to ask you to please participate in this survey. We are planning on launching this on Friday, the 6th of May, so it's last day of this meeting. And this survey will be open until the 10th of June. We will hold this thing open until the end the ENOG meeting. We are hoping to get some of our Russian colleagues during that meeting, that will take place in Moscow to give us an extra push to see what's also happening from that side. It's open for a long time. All of you will have time to fill this survey out. We will be sending out an invitation by e?mail to all of our members and we have other stakeholders lists of folks that we have been working with from other areas, so we will be certainly sending out some e?mails. I apologise for any of the duplicates you will be getting. I'd like to have Desiree say a few words, as well.

DESIREE MILOSHEVIC: Good afternoon, and thank you for the introduction and pulling me into this presentation here today. So, I'd like to add a few words and first thank to everyone who has turned up at these focus groups that were carried out over the last month. As Paul has said, the feedback has been overwhelming, so we are hoping to actually get all that input back into the questionnaire.

Secondly, I'd like to say the Oxford Internet Institute, and myself, as one of the industry researchers, are very pleased to be able to get involved with such a project, because it's the first multi?stakeholder survey that the RIPE NCC will ever carry, or going forward from now on. So I am very excited about that.

And secondly, as it's been already mentioned, I think I'd like to assure you that my analysis of the data that would be looked at and analysed will be completely anonymous and it will reveal no identities of the responders back to the RIPE NCC. And also, thirdly, it is important, as you know, that, as we have seen from some of the surveys carried out in 2005, where the RIPE NCC has received a very important insight as to what would be the next type of activities, the RIPE NCC should be doing over the next three years, and further going further at this critical point I think it's very important to get all of your feedback that you can, so I would kindly ask you to go online and spend about 20 to 35 minutes and dedicate some time to fill in the survey and give as much comment and feedback because it will underpin, certainly, some of the activities that the RIPE NCC will focus on providing in the years to come.

So, finally, I think in addition to that, I think that Paul has some good news; he found some ways how to inincentivise you to fill in the surveys. I'll pass back the role to him to tell you about that.

PAUL RENDEK: I know I don't have to offer you any incentives because you are all fabulous and you'll fill the survey out. But just in case, we have a little extra incentive for you. We have five iPads that we will be giving out to you ? well, some of you, anyway. There will be one 'early bird' winner, and that will be taken from the respondents that we receive up until the 16th of May, so if you want to be the person that gets the first iPad, I suggest that, on Friday, you get your laptop out, or borrow your neighbour's, and get going with that. And then we have four more that will be drawn from among all the respondents. Don't try to talk to me about this because I am not the one that decides where these iPads go, so I think we are going to leave that to OII. So that's out of my hands.

Lastly, before I ask for any questions, I'd just like two of my colleagues to stand up, Fergal Cunningham and Sandra Brass, if you guys stand up. These guys have worked to make this survey happen. It wasn't me that did this. They have worked very hard with Desiree and John and they are going to make sure that we have a nice smooth survey and that's fantastic, thank you very much guys.

So does anybody have any questions for us? Okay. Well, good luck with the iPad.

ROB BLOKZIJL: Well, this was the end of the advertised part of the programme, and we are well within time. What we would like to do now is to give you the opportunity to report things which you think are worthwhile reporting. I know this comes completely unexpected, so that has the advantage that you have not been working for weeks to get a smooth presentation, but maybe you have this one? to five?minute thing you would like to communicate. This is all in the spirit of let's try out new things. So, who is game? Who would like to say, well, last week I had this brilliant idea and it is still in the back of my mind? I see people walking away... Rudiger?

RUDIGER VOLK: Rudiger. I appreciate the, what's it called in NANOG? Oh, God...

ROB BLOKZIJL: Lightning talks. We have those, as well, later in the week.

RUDIGER VOLK: If that's the case, I'd rather watch whether I can do something for lightning talk than do something really ad hoc.

AUDIENCE SPEAKER: I'll talk a little bit more about the lightning talks in the next session, so that the ground rules are a little bit clearer. But for this one, actually, I heard something in the corridors. This is this RIPE stats thing, and there is a demo there and I wonder if anyone at the RIPE NCC could give us a snapshot?

ROB BLOKZIJL: Daniel, are you from the RIPE NCC?

[DANIEL KARRENBERG]: I think I am currently from the RIPE NCC. I can do that for five minutes. I even uploaded some slides, I am not sure whether they are here.
Well, so, this is like six minutes for 12 slides. It's going to be pretty fast. I know that there is a few other people who had ideas; they are just too timid to come up. So what's RIPE Stat? It's a new and old idea. Both at the RIPE NCC, you know that numbers are us. We know everything about IPv4 addresses and IPv6 addresses and aut?num system numbers, while we might have some IPv4 addresses to give you, we still register them and we do lots of measurements about them. What we have heard in the past is that, yes, you have all this data but it's so dam hard to find it, and to find anything, find useful, use of it and combine it and so on. So, what we want to do with RIPE Stat is do just that. It's a modular and extendible tool box. And Stat doesn't mean statistics and only statistics; it means statistics to a certain extent, but it also means status, so we really want to go, and that's also something that we heard from you, we want to go realtime. We want to be able to tell you what the status of things is as is goes on.

The basic idea looks like this: It's a royal rip?off of something but it's not a royal rip?off of Google. You'll see me afterwards and tell me what you think, where you think we got the idea. It, basically, has a query box, and, in this, you put the natural thing, either an AS number or an IPv4 address or IPv6 address or prefix. And what it will then do is, it will show you almost everything ? well, not, quite yet, everything, but the idea is, at the end, that it will show you everything we know about it. So, here in this one, you can probably not read it in the back, shows you a very ?? a number of boxes and in each box there is a different aspect about this AS that I chose here. The first one shows you abbreviated excerpt from the RIPE database, so it's the registration information for this address space. Next box shows you the prefixes this SA announces and this information comes from the routing information service, RIS. Then there is another box that shows you a graphic of the number of prefixes. This AS has announced over time, this also comes from the RIS, and it's a pretty boring graph. It's like, you know, somewhere at the 105. But what you can do is, actually, you can ?? there is a time line underneath which has a wider history from 2000 onwards 'til 2010, and you can actually go and zoom in there. If you zoom in around July 2008, something must have happened there because they went, like, up to 250 at some point. And the idea is that, in the later versions, which are not better, you can actually go there and see what were those prefixes that were announced. We have all this information; we just don't have the user interface for it yet. We are getting there. You can get an idea about the prefix size distribution. So what kind of prefixes did they have? A lot of /16s, but also a couple of /28s, more interesting /30s there. You can have a look at what we call BGP distance. Some of you might recognise this from the RIS tool box. It basically shows you from the various Internet exchanges and places where we have our route collectors, it shows you how far, how many hops there were, minimum average and maximum. You see that the minimum is at Netnod and the Milan exchange and, you know, as you cross the ocean, it gets a little bit more. I won't go into the details here. It's just ??

There is a global visibility thing which you might recognise from something that we call Netsense before. It shows you the visibility of this AS on average in various continents. We see everything is fine in North America here. Again, you can zoom in and see, oh, yes, in New York it's all fine; in Florida, there is, apparently, some problem here.

We also have a third?party databases, here is the geolocation of max. mind and there you can quite nicely see the example I picked at random is actually somewhere in Italy, apparently. And all the prefixes are actually somewhat distributed along Italy. And we also have a couple of years' history for this, which we don't show here but which we will show, so you can probably see if a prefix changes hands in the future, or something, you know, where it was before.

The strategy here is to actually give you, at some point, immutable and shareable URLs so you can pass this on. So my personal goal is here is that when operational issues are discussed, you know, on operational mailing lists, that, more and more, we will find these URLs there where people say I saw something and it's not described verbally or there is not just a ping or a trace route output, but there will be a URL which said I observed this and you will see all these nice things and you can actually select them and say, I want to see this and that and that, and so on.

We want to add more history, I already said that, and we want to have multiple output formats. We actually want to give you the raw data here. We are not ?? we are still looking at ways of doing that, but so that for the things that you look at, you can actually get the raw data in one form or another and actually do your own analysis on it. And what I would like to do is, and to have at some point is, a RIPE Stat command just like a net stat where you can actually get some way of summaries on the command line that one can use and can look at and use to build scripts on, and stuff.

And so my personal strategy is to successively integrate all the information service that is we have into this, because in the end you ask, you are always asked something about an AS number or some address space and even the sort of global results that we get from RIPE Atlas, the things that we currently have from RIS, stuff that we have from TTM or what TTM might evolve into, and so on. We all want to make this available through this interface. That's the long?term strategy.

We built this in an agile way. We have regular demonstrations of this. As you see, it's modular design. You can add another box and you can change functionality of simple boxes and we actually do demo this new functionality and what we are doing with it every four weeks. We have had four demos already. Which you can actually look at, they are summarised on the RIPE labs and there is actually a video of each of them available on the RIPE Stat site. If you want to catch up with things, you can do it there. We monitor the usage, so what people are doing with it, and actually you can look at this monitoring too. We published this monitoring. It's also on the site, and based on the usage and feedback, we will adjust it. You might think here is to say you get the tools you deserve, so get involved and please do not interest what we have there as finished especially the performance, and so on, we really need to work on. But we have decided to show something early on in the development rather than showing a finished product that then needs to be tweaked. At this meeting, there are a couple of activities to have to do with that. There is a demo stand to the left of the registration desk. It's the two stand?up tables that are in the way if you want to get to the cloakroom. It's 10:30 to 4 p.m. each day. That's the beginning of the first coffee break to the end of the last coffee break. There will be some formal talks and description of details and how it's done and a little bit more about it in the measurements Working Group on Thursday at 4 o'clock, and there will be a BoF, actually, where we solicit more feedback where you can actually meet the developers and also discuss with fellow operational people right after that, but we decided to, or we want to tryout actually to have a bit more informal discussion than in a Working Group in a BoF. And it will finish well in time to get you to the dinner.

And, of course, since Paul has five iPads, we have one iPod to give away for the best suggestion about a new feature or a change of features and things like that and the draw will be at the Closing Plenary on Friday. You can get in your suggestions at the demo stand or on the Working Group mailing list.

That's all.

ROB BLOKZIJL: Any questions or remarks? People are overwhelmed. Thank you, Daniel.


Are there any more people around who say, oh, but if that's the idea of presenting something? Patrik.

PATRIK FALSTROM: I got a lot of questions during the last couple of months so you and others asked so much about support for IPv6, but how do I know whether my domain name actually supports IPv6 or not? So I didn't really find any direct tools and people blame me for not creating any of this. I actually made a tool myself that I now ask everyone to try to kill the server. You will probably find more bugs in it but you can go to go go6 ? digit 6 ??.se /check. C?H?EC?K. Does it work, Daniel?

So, the intention with this web page was that it checked that we had AAAA for the domain name, that there is AAAA for at least one of the MX records, AAAA for MX records and try to ensure that the ?? and then that verifies that there are AAAAs and that TCP connects. Nothing more, nothing less, very easy, four green buttons and I also keep track of statistics of what domain names are the ones that are the ten most popular domain name checks that fails., the Regulator in Sweden and the largest ISP.

ROB BLOKZIJL: Sounds like an interesting list. Thank you, Patrik.

AUDIENCE SPEAKER: I have a quick question. Have you done anything to enable your service to actually retrieve AAAAs from organisations that only support AAAA from authenticated sources or from sources that are verified to have IPv6 connectivity.

AUDIENCE SPEAKER: I am not part of ?? the IP address block that I am testing from is not part of your wide testing, that is correct, if that was your testing.

AUDIENCE SPEAKER: Or anyone else who would do a similar service?

AUDIENCE SPEAKER: What I do have is, I had a couple of people that actually find a bug because they put up a domain name which only had AAAAs, both for that made my script just go [poof]. It works better now. But, I would love to have that kind of feedback. I am happy to talk to you separately if people have better tools, that is like better than my hacking, I would like to know that as well because I think these kind of things are what people ask me about. Like is this domain name ready? Do they have the set?up, the DNS correctly?

AUDIENCE SPEAKER: The two things that seem to be obviously missing from it are, one is getting on white lists where there are widescale white lists, and the other is dealing with the fact that people don't like to talk about this but there is no single well interconnected v6. So in order to make this truly work, you will have to have multiple points on known?to?be disconnected islands and report things like, oh, you are working on HE v6 but not this other IPv6.

AUDIENCE SPEAKER: That is absolutely true. I am only testing from my own server but it's pretty well connected I think. I haven't seen ?? heard a problem so far, but of course most of the tests that have been done against this thing of mine is of course various other domain names that are hosted in Sweden. So of course the risk for that kind of problem is very low but I am happy to receive more feedback and no I have not been thinking about doing anything distributed. Maybe this is something that should be done or more distributed, but anyway just needed to have something because people started to ask so many questions about it, but the white list I think is a good idea so I probably should add that and have special notes about whether it passes on because of the white?listing. Thank you.

ROB BLOKZIJL: Thank you, again, Patrik. I see a conspiracy in the making in this corner...

SPEAKER: Good afternoon everybody. I was just asked to give a brief update on the DNSSEC in relation to the RIPE NCC, and I'll start out with our really ugly, at the very beginning. During our regular KSK roll?over this year, we encountered a bug in our DNSSEC signing software the. Essentially, the signature over the DNS key set in the E 164 arpa zone was missing in that zone that has been published. Well, essentially that renders the zone not very viable any more and the zone for DNSSEC validating [race]?overs was not reachable. We fix this had bug ?? well we didn't fix the bug, we fixed the issue and got to analyse it with our vendor and, unfortunately, our vendor was not available to reproduce the same problem we encountered in their lab. At the end of that analysis that they did, they ensured us that they think that this is in relation to a high system load because we did maintenance on the system the very same day.

Now, going onto the bad. Well we had another one of those outages just a couple of days ago which actually affected and one of our IPv6 reverse zones and this time we had no high system load, but we saw exactly the same problem. Now, moving onto the good part of it. Well, the good part is that this time we actually were able to reproduce the problem with our vendor and we had enough data to prove that it was the same. What did that show us? Well it showed us a couple of things. The most important one for the community at large is that engineers do not necessarily feel safe to operate DNSSEC if we don't provide them with certain safeguards so what we did is we started the discussion at the last work meeting in San Francisco and asking the community what did they think such a safeguard should be able to do and there was, by now, input from several of the large registries amongst others, SIDN for the Netherlands here, AFNIC for France, which also had similar outages, and DE?NIC for the German registry. What we have at the moment is the labs with working amongst others on DNSSEC verification proxy. The high level idea here is that you can hand in a zone on one end of this proxy, it will verify against a given set of trustings that you define and it will only be provided to your production systems once this verification has taken place. In order to be able to do this on a broader scale, we or better at he will NetLabs is hosting this mailing list, and I would invite everybody in here who has similar concerns or input on this kind of topic to join this mailing list and give us your thoughts.

With that coming to the end of our bad part here, some positive stuff.

Signed parents. Last summer, we saw the route zone being signed and since then there is been a lot of progress on TLDs that have been signed. This is now specifically the zones that we are operating for which we have a joined parent on the left?hand side. So you can see that by now we have submitted both our IPv4 and IPv6 reverse space. We also submitted the Trust Anchor for the ENUM zone and by now we have come network. That leaves WSIS a bunch of zones on the right?hand side that we have no signed parent yet, but even there, if we look to the plans of those TLDs and other operators, by the end of the year, we think that it's going to look like this for the RIPE NCC, that means that we will only have three more zones for which we don't have a signed parent and I think that's a huge milestone that has been achieved in a short time wins the root zone has been signed.

A little bit of statistics. I will also present more details about this at the DNS Working Group on Wednesday. This is over time, the delcation signer records for the DNSSEC zones that have been placed in our reverse registry. You can see there is a steady growth. We did not carry over the trend that we saw between October 09 and October 2010, but we still see a steady increase and I think that's very encouraging. That was all about all that I just wanted to convey to you in relation to activities that relate to the RIPE NCC and DNSSEC and I would be happy to take your questions.

AUDIENCE SPEAKER: I have a question from Robert mat an learn. He wants to know which software is the RIPE NCC using for the DNS ??

SPEAKER: He is in the room. I wonder why he is not at the microphone? Without playing a blame game here I think our surrender did their best and these bugs can affect anybody. We are currently using ?? and that's not ?? we actually released that I believe in the last meeting in Rome, the secure 64 signer solution.

JIM REID: Wolfgang, maybe this will come up in the DNS Working Group, but I wonder whenever the initial failure did you get many calls from people saying validation is failing?

SPEAKER: We got zero calls.

AUDIENCE SPEAKER: So was there any significant load on the server that might have given the vendor that excuse of seeing the problems caused by high traffic levels?

SPEAKER: For E164 arpa, that was not the case. We have to see that E164 arpa is not a high volume zone in terms of traffic. That doesn't mean that it's not important but in terms of query rates there are not that many queries so the magnificentcation that we might see is not that pronounced there. However, if the same thing were to happen for one of our really busy reverse zones, that might actually get into a problem for us.

AUDIENCE SPEAKER: Just a little thing to leave ?? I don't think we need to discuss it here but perhaps for the Working Group. What about processes and procedures for reporting things like these CRYPTO validation failures? Who do you call. The problem is if you can't validate the ?? how do you get an e?mail. Park that thought for now and perhaps discuss it in the Working Group.

PETER KOCH: Peter Koch, responding to Jim, if you don't receive any calls after validation in the ENUM 3 breaks, this is of course a proof that both are well success, right?

JIM REID: What if it's for something else that then broke, let's say a ccTLD?

SPEAKER: I'd just like to reemphasise, those are definitely issues and the more we see DNSSEC being deployed, they are going to get more and more severe, and my important point here, and I cannot stress that enough is we face those issues early on and we are happy to share what happened to us and, you know, give people the experience from that, but we strongly believe that there is something more necessary and necessary every entity out there will be able to produce that on their own and than points back to this DNSSEC verification system to make sure that the engineers operating this technology have the confidence in operating it, because if they lose the confidence, it will be one of those great systems that nobody wants to touch until it falls over.

ROB BLOKZIJL: I saw Rudiger getting up and getting down.

SPEAKER: Thank you very much.


ROB BLOKZIJL: This seems to be working unexpectedly well, so we have 12 minutes left in this.

SPEAKER: So in this period of impromptu presentations that going through in this session. This is something I was doing for myself, so I just wanted to talk a little bit it it. Because we keep hearing about DNSSEC how it's being deployed and how it works, or doesn't work as the case may be, and hopefully we are all here, engineers or like to think of ourselves as engineers, and the question is, if you are up to your neck with work, what does DNSSEC have in it for me other than even more work?

Which is kind of a question I was asking myself. So, I don't know, how many of you are aware of the SSHFB DNS record? Any of you using it? Okay, not many, so I just want to actually talk a little bit about it.

It stands for SSH Fingerprint, it's a DNS record that was defined four or five years ago maybe in an RFC and is implemented by most main servers software that you come across these days. What it allows you to do is to put the fingerprint for your SSH keys, and remember we are all engineers, so we use SSH to log into the different machines, at least one hopes, into the DNS, and so, what good does that do anyone? It does you the good that if you use open SSH as your SSH client software, it has some coding in there and in some circumstances will go and check the DNS for this fingerprint and depending on what it finds, it will inform you of what it found. So it's good as a diagnostic tool or it will trust what it found and go ahead and do the connection, authenticate the remote host, the server, so you can proceed in a trustworthy way, because, otherwise, what you come up with is the well known, the authenticity of this server hasn't been established and then prints some strange string of numbers there, is this okay or not? And I don't know, but I think I probably can count with the days the fingers of one hand the people that actually go and do a check what the client is telling you against what the server is supposed to have. And invariably you say yes, because you are rushing to get to your server because there is something you want to do, and this question is just in your way. So, that does away with the security.

What do you need to do if you want to automate this whole process? You use SSHFP. How? You get this little piece of software from [] Selerance, who are people doing software, calling SSHFP. This is a little bits of software written that you download and it takes the keys from a source that you provided, hopefully a trustworthy source, and puts it into the DNS records that you need to put in the area zone. What comes out is this: these records here, which you duly put into the DNS. The fingerprints of the RSA and the DSA keys, which are the two commonly used ones.

With this, you are almost good to go. What other thing do you need? And this is where the DNSSEC comes in. In order for the SSH client to be able to trust it without asking you questions, you need to have the domain that serves this information, B DNSSEC sign. So, what this provides is a very lightweight mechanism for you, the system administrator, to benefit from the DNSSEC right now, and something that actually saves you time and saves confidence in how you operate your systems, it allows you to keep your team members, co?ordinated in the fact that when you reinstall the server, or install a new server, you don't have to go and tell everyone what the new key is; you rely on DNS because it's there for them, and you get the experience DNSSEC in your own domains first hand, through the whole thing, signing and validation because you have to do validation so you have to configure the route key preferably, get to the main sign and so on. Without actually going about breaking stuff for your customers. So, instead of just learning things for the sake of learning, you actually get some benefit and that's basically what I tried to do when I have to do more work than I am already doing, find a way of it benefiting myself. It works, principally works in the most recent versions of FreeBSD and ?? unfortunately enough, I have a Macintosh, it doesn't work yet on the Mac OS because you have to enable one small thing. You are all probably familiar with this file. This is the traditional one. You put the search domains ?? there a lot of more things that happened since this file was originally specified back in the dark ages. You have a section now that can put that's called options and one of the options that you can put there, that you need to put there for your client to be able to find out the DNSSEC validation information is E option DNS 0, otherwise you don't find it. Not all the systems are supported yet, but the ones we tend to use, the latest versions of the Linux distributions and the most recent free BB SDs do support it. As I said, it's very easy, it works. It's nice that you don't have to start saying yes to all these questions that you don't want and yet be able to trust that you are logging into the server without external interference and it allows you a way of getting your Ennex appearance first hand with DNSSEC with come benefit to it. That's it. Thank you.


ROB BLOKZIJL: Thank you, Joal.

RICHARD BARNES: This is Richard Barnes, BBN. I just wanted to extend [Joal's] comment and provide a pointer to some work on. If people are interested in doing similar things like Secure AGT, like Secure iMap, there is a Working Group in the IETF called Dane, D?A?N?E, like someone who is from Denmark.

ROB BLOKZIJL: Okay. I think we are coming to the end of this first slot of our RIPE meeting. I would like to thank you all the speakers. Surprisingly more than advertised but it's all in the spirit of we are trying out new things. Before you go, I want to remind you to have a look at the updated agenda for the second session after the coffee break. I haven't had a look yet, but I think if I understood, there is an additional presentation by Geoff Huston.

So, enjoy your coffee break and we expect you all back at four o'clock. Thank you.

(Coffee break)